package com.example.controller;

import com.example.annotations.Autowired;
import com.example.annotations.Controller;
import com.example.annotations.RequestMapping;
import com.example.annotations.Security;
import com.example.service.DemoService;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/**
 * 未在类上标记@security
 * 预期结果：
 * queyr1： 只有zhaoliu 可以访问
 * query2：任何人都可以访问
 *
 * @author kangshuai
 */
@Controller
@RequestMapping("/demo")
public class DemoController {


    /**
     * 按类型注入
     */
    @Autowired
    private DemoService demoService;

    /**
     * 按指定名称注入
     */
    @Autowired("testService")
    private DemoService testService;


    /**
     * 该方法只允许 zhaoliu 通过
     *
     * @param request
     * @param response
     * @param name
     * @return
     */
    @Security("zhaoliu")
    @RequestMapping("/query1")
    public String query1(HttpServletRequest request, HttpServletResponse response, String name) {
        return demoService.get(name);
    }

    /**
     * 标记@Security 注解但未传值
     * 该方法允许 任何人通过
     *
     * @param request
     * @param response
     * @param name
     * @return
     */
    @Security({})
    @RequestMapping("/query2")
    public String query2(HttpServletRequest request, HttpServletResponse response, String name) {
        return testService.get(name);
    }
}

